summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--readpass.c71
-rw-r--r--ssh-add.c70
3 files changed, 81 insertions, 65 deletions
diff --git a/ChangeLog b/ChangeLog
index f95234db9..61cb11b52 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
3 - ian@cvs.openbsd.org 2001/04/18 16:21:05 3 - ian@cvs.openbsd.org 2001/04/18 16:21:05
4 [ssh-keyscan.1] 4 [ssh-keyscan.1]
5 Fix typo reported in PR/1779 5 Fix typo reported in PR/1779
6 - markus@cvs.openbsd.org 2001/04/18 21:57:42
7 [readpass.c ssh-add.c]
8 call askpass from ssh, too, based on work by roth@feep.net, ok deraadt
6 9
720010418 1020010418
8 - OpenBSD CVS Sync 11 - OpenBSD CVS Sync
@@ -5165,4 +5168,4 @@
5165 - Wrote replacements for strlcpy and mkdtemp 5168 - Wrote replacements for strlcpy and mkdtemp
5166 - Released 1.0pre1 5169 - Released 1.0pre1
5167 5170
5168$Id: ChangeLog,v 1.1140 2001/04/19 20:31:02 mouring Exp $ 5171$Id: ChangeLog,v 1.1141 2001/04/19 20:33:07 mouring Exp $
diff --git a/readpass.c b/readpass.c
index 3d73af747..b93eaba43 100644
--- a/readpass.c
+++ b/readpass.c
@@ -32,11 +32,58 @@
32 */ 32 */
33 33
34#include "includes.h" 34#include "includes.h"
35RCSID("$OpenBSD: readpass.c,v 1.14 2001/02/08 19:30:52 itojun Exp $"); 35RCSID("$OpenBSD: readpass.c,v 1.15 2001/04/18 21:57:41 markus Exp $");
36 36
37#include "xmalloc.h" 37#include "xmalloc.h"
38#include "cli.h" 38#include "cli.h"
39#include "readpass.h" 39#include "readpass.h"
40#include "pathnames.h"
41#include "log.h"
42#include "atomicio.h"
43#include "ssh.h"
44
45char *
46ssh_askpass(char *askpass, char *msg)
47{
48 pid_t pid;
49 size_t len;
50 char *nl, *pass;
51 int p[2], status;
52 char buf[1024];
53
54 if (fflush(stdout) != 0)
55 error("ssh_askpass: fflush: %s", strerror(errno));
56 if (askpass == NULL)
57 fatal("internal error: askpass undefined");
58 if (pipe(p) < 0)
59 fatal("ssh_askpass: pipe: %s", strerror(errno));
60 if ((pid = fork()) < 0)
61 fatal("ssh_askpass: fork: %s", strerror(errno));
62 if (pid == 0) {
63 seteuid(getuid());
64 setuid(getuid());
65 close(p[0]);
66 if (dup2(p[1], STDOUT_FILENO) < 0)
67 fatal("ssh_askpass: dup2: %s", strerror(errno));
68 execlp(askpass, askpass, msg, (char *) 0);
69 fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
70 }
71 close(p[1]);
72 len = read(p[0], buf, sizeof buf);
73 close(p[0]);
74 while (waitpid(pid, &status, 0) < 0)
75 if (errno != EINTR)
76 break;
77 if (len <= 1)
78 return xstrdup("");
79 nl = strchr(buf, '\n');
80 if (nl)
81 *nl = '\0';
82 pass = xstrdup(buf);
83 memset(buf, 0, sizeof(buf));
84 return pass;
85}
86
40 87
41/* 88/*
42 * Reads a passphrase from /dev/tty with echo turned off. Returns the 89 * Reads a passphrase from /dev/tty with echo turned off. Returns the
@@ -51,5 +98,27 @@ RCSID("$OpenBSD: readpass.c,v 1.14 2001/02/08 19:30:52 itojun Exp $");
51char * 98char *
52read_passphrase(const char *prompt, int from_stdin) 99read_passphrase(const char *prompt, int from_stdin)
53{ 100{
101 char *askpass = NULL;
102 int use_askpass = 0, ttyfd;
103
104 if (from_stdin) {
105 if (!isatty(STDIN_FILENO))
106 use_askpass = 1;
107 } else {
108 ttyfd = open("/dev/tty", O_RDWR);
109 if (ttyfd >= 0)
110 close(ttyfd);
111 else
112 use_askpass = 1;
113 }
114
115 if (use_askpass && getenv("DISPLAY")) {
116 if (getenv(SSH_ASKPASS_ENV))
117 askpass = getenv(SSH_ASKPASS_ENV);
118 else
119 askpass = _PATH_SSH_ASKPASS_DEFAULT;
120 return ssh_askpass(askpass, prompt);
121 }
122
54 return cli_read_passphrase(prompt, from_stdin, 0); 123 return cli_read_passphrase(prompt, from_stdin, 0);
55} 124}
diff --git a/ssh-add.c b/ssh-add.c
index 2ac2c2515..323e73ecf 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: ssh-add.c,v 1.35 2001/04/14 16:27:57 markus Exp $"); 38RCSID("$OpenBSD: ssh-add.c,v 1.36 2001/04/18 21:57:42 markus Exp $");
39 39
40#include <openssl/evp.h> 40#include <openssl/evp.h>
41 41
@@ -103,66 +103,18 @@ delete_all(AuthenticationConnection *ac)
103 fprintf(stderr, "Failed to remove all identities.\n"); 103 fprintf(stderr, "Failed to remove all identities.\n");
104} 104}
105 105
106char *
107ssh_askpass(char *askpass, char *msg)
108{
109 pid_t pid;
110 size_t len;
111 char *nl, *pass;
112 int p[2], status;
113 char buf[1024];
114
115 if (fflush(stdout) != 0)
116 error("ssh_askpass: fflush: %s", strerror(errno));
117 if (askpass == NULL)
118 fatal("internal error: askpass undefined");
119 if (pipe(p) < 0)
120 fatal("ssh_askpass: pipe: %s", strerror(errno));
121 if ((pid = fork()) < 0)
122 fatal("ssh_askpass: fork: %s", strerror(errno));
123 if (pid == 0) {
124 close(p[0]);
125 if (dup2(p[1], STDOUT_FILENO) < 0)
126 fatal("ssh_askpass: dup2: %s", strerror(errno));
127 execlp(askpass, askpass, msg, (char *) 0);
128 fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
129 }
130 close(p[1]);
131 len = read(p[0], buf, sizeof buf);
132 close(p[0]);
133 while (waitpid(pid, &status, 0) < 0)
134 if (errno != EINTR)
135 break;
136 if (len <= 1)
137 return xstrdup("");
138 nl = strchr(buf, '\n');
139 if (nl)
140 *nl = '\0';
141 pass = xstrdup(buf);
142 memset(buf, 0, sizeof(buf));
143 return pass;
144}
145
146void 106void
147add_file(AuthenticationConnection *ac, const char *filename) 107add_file(AuthenticationConnection *ac, const char *filename)
148{ 108{
149 struct stat st; 109 struct stat st;
150 Key *private; 110 Key *private;
151 char *comment = NULL, *askpass = NULL; 111 char *comment = NULL;
152 char buf[1024], msg[1024]; 112 char msg[1024];
153 int interactive = isatty(STDIN_FILENO);
154 113
155 if (stat(filename, &st) < 0) { 114 if (stat(filename, &st) < 0) {
156 perror(filename); 115 perror(filename);
157 exit(1); 116 exit(1);
158 } 117 }
159 if (!interactive && getenv("DISPLAY")) {
160 if (getenv(SSH_ASKPASS_ENV))
161 askpass = getenv(SSH_ASKPASS_ENV);
162 else
163 askpass = _PATH_SSH_ASKPASS_DEFAULT;
164 }
165
166 /* At first, try empty passphrase */ 118 /* At first, try empty passphrase */
167 private = key_load_private(filename, "", &comment); 119 private = key_load_private(filename, "", &comment);
168 if (comment == NULL) 120 if (comment == NULL)
@@ -174,18 +126,10 @@ add_file(AuthenticationConnection *ac, const char *filename)
174 /* clear passphrase since it did not work */ 126 /* clear passphrase since it did not work */
175 clear_pass(); 127 clear_pass();
176 printf("Need passphrase for %.200s\n", filename); 128 printf("Need passphrase for %.200s\n", filename);
177 if (!interactive && askpass == NULL) { 129 snprintf(msg, sizeof msg, "Enter passphrase for %.200s ",
178 xfree(comment); 130 comment);
179 return;
180 }
181 snprintf(msg, sizeof msg, "Enter passphrase for %.200s", comment);
182 for (;;) { 131 for (;;) {
183 if (interactive) { 132 pass = read_passphrase(msg, 1);
184 snprintf(buf, sizeof buf, "%s: ", msg);
185 pass = read_passphrase(buf, 1);
186 } else {
187 pass = ssh_askpass(askpass, msg);
188 }
189 if (strcmp(pass, "") == 0) { 133 if (strcmp(pass, "") == 0) {
190 clear_pass(); 134 clear_pass();
191 xfree(comment); 135 xfree(comment);
@@ -195,7 +139,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
195 if (private != NULL) 139 if (private != NULL)
196 break; 140 break;
197 clear_pass(); 141 clear_pass();
198 strlcpy(msg, "Bad passphrase, try again", sizeof msg); 142 strlcpy(msg, "Bad passphrase, try again ", sizeof msg);
199 } 143 }
200 } 144 }
201 if (ssh_add_identity(ac, private, comment)) 145 if (ssh_add_identity(ac, private, comment))